Safety center
Your dedicated resource for digital safety, providing you with the knowledge and tools to protect your documents and data.
Our philosophy: Safety by default
We build safety directly into the platform's core architecture from the very beginning. Rather than adding safety measures as an afterthought, we engineer them as foundational elements of the product. This safety-by-default approach ensures that protective measures are not just optional features but are deeply integrated to provide a secure and safe user experience.
Multi-layered fraud defense
Docusign's multi-layered approach protects users and agreements by combining document integrity, identity verification, and robust login security. This includes enforcing password complexity, multi-factor authentication, and advanced methods like FIDO passkeys to prevent impersonation and secure every transaction.
Types of fraudulent activities to recognize and report
Email abuse
Attempts to trick users into believing that emails are related to or from Docusign customer accounts, often in the form of phishing campaigns.
In product abuse
Suspected fraud or illegal activity related to actual Docusign customer accounts. Activities like this are considered fraud and represent improper use of the Docusign platform.
Report fraud
We take abuse very seriously and are committed to helping you. Our streamlined process makes reporting abuse or appealing an account decision simple, fast, and efficient.
Report email abuse
Reporting a suspicious email impersonating Docusign is simple and helps keep everyone safe. Just forward the suspicious email as an attachment or copy the URL and send it to verify@docusign.com. Our teams will analyze it and take the appropriate actions to mitigate this threat.
Report in product abuse
We’ve made it easy for you to help keep our community safe. If you ever see an email, envelope, or any other activity on our platform that seems off, you can report it directly within Docusign. Your report goes straight to our team and helps us investigate and shut down bad actors.
Appeals form
If you believe your account was deactivated by mistake, please fill in the linked form below. Our Trust & Safety team will review the details and take the appropriate action. Business customers can use this form as well or reach out directly to customer support.
What to do if you receive a suspicious email
In this video, Docusign CISO Michael Adams shares some best practices for recognizing phishing attempts that use the Docusign brand.
What is social engineering?
Social engineering is a cybercrime that tricks individuals into revealing sensitive information. Threat actors often impersonate well-known, trusted brands like Docusign to lure you into revealing your credentials and other private information.
Phishing
Phishing uses fake emails to mislead people into opening dangerous links. Targeted attacks like spear phishing and whaling, go after specific individuals or executives.
Smishing
Smishing (short for SMS phishing) involves receiving fraudulent text messages that contain malicious links, aiming to steal your personal or financial information.
Vishing
Vishing scams use phone calls to trick people into sharing private data. Encourage your staff to confirm callers' identities using verified channels to avoid breaches.
Quishing
Quishing, where fake QR codes are used to steal information, poses risks. Educating your staff on verifying QR codes can help defend against these scams.
Social engineering by the numbers
Frequently asked safety questions
Docusign takes your security incredibly seriously. We go the extra mile to protect your data with advanced digital fraud management, dedicated brand protection, and a specialized anti-fraud team. It's our top priority to ensure your information stays safe and secure.
You can verify a Docusign transaction's authenticity by checking for several key signs. First, always confirm the sender's email is from an official Docusign domain like @docusign.net. Next, look for a unique security code in the email, which allows you to access the document directly from the official website instead of clicking a link. Finally, be wary of attachments, as Docusign never sends signature requests as a file. After the document is signed, you'll receive a Certificate of Completion, which serves as a secure and verifiable audit trail of the transaction.
If you receive a suspicious envelope, do not click any links. Instead, use the "Report Abuse" feature found inside the envelope or email. This immediately alerts our anti-fraud team to investigate and protect all users. Business customers should also notify their internal security team as a best practice.
Phishing is a type of fraud where attackers impersonate a trusted entity, like Docusign, to trick you into revealing sensitive information. A fraudulent email may contain suspicious links, grammatical errors, or a generic greeting. Always check the sender's email address and hover over links to verify they lead to a legitimate domain before clicking.
